Apple recently fixed a zero-day security vulnerability affecting the iPhone 8 and later that the company said was actively exploited, TechCrunch reports.

The company rolled out iOS 16.1.2 on 30 November 2022, which it said contained “important security updates” without providing any further details.

In a disclosure posted to its website on Tuesday, 13 December 2022, the company revealed the vulnerability was part of its WebKit browser engine used for Safari and other apps.

When exploited, the flaw could allow for malicious code to run on the target’s device.

The dangerous payload is typically delivered when a person visits a malicious website in Safari or through an in-app browser that uses WebKit.

Apple said it was aware of the vulnerability being exploited against versions of iOS that precede iOS 15.1.

As a result, the company released an update for iOS 15 for those users who had not yet upgraded to iOS 16.

Zero-day flaws are vulnerabilities for which the vendor, in this case Apple, is given zero days' notice to fix the flaw.

The vulnerability — designated CVE-2022-42856 — was disclosed by Google’s Threat Analysis Group, which investigates nation-state-supported spyware, cyberattacks, and hacking.

TechCrunch said it was unclear why Apple chose not to include the vulnerability’s details in its original post about the iOS 16.1.2 update.

